/*
 * Copyright (C) 2005-2009 Novell, Inc.
 * 
 * All rights reserved.
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, contact Novell, Inc.
 * 
 * To contact Novell about this file by physical or electronic mail,
 * you may find current contact information at www.novell.com.
 */
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include "phase1.h"
#include "phase2.h"

#include "adminport.h"

int nortel_write_racoon_conf (char *buff);

int
nortel_write_racoon_conf(char *buf)
{
	RacoonConfInfo *rbuf;	
	FILE *fp = NULL;
	int auth_flag = 0;	
	rbuf = (RacoonConfInfo *) buf;

	umask(006);

	/* Setting Condition on Authentication Method */
	if( strcmp(rbuf->ph1_proposal.authmethod, "pre_shared_key") == 0 )
		auth_flag = 1;
	else if( strcmp(rbuf->ph1_proposal.authmethod, "rsasig") == 0 )
		auth_flag = 2;

	fp = fopen(rbuf->filename, "w+");
	if(fp == NULL)
	{
		printf("Could not open file %s\n", rbuf->filename);
		return -1;
	}
	fprintf(fp, "# racoon.conf generated by Turnpike Nortel GUI plugin\n");
	fprintf(fp, "path include \"/etc/racoon\";  \n");
	fprintf(fp, "include \"racoon.conf\";\n"  );
	
	if(auth_flag == 2)
		fprintf(fp, "path certificate \"%s\";\n", rbuf->racoon_cert_path);

	
	//write ph1 stuff
	
	fprintf(fp, "remote %s\n", rbuf->server_ip_addr);
	
	fprintf(fp, "{\n");
	fprintf(fp, "	nat_traversal on;\n	");

	if(auth_flag == 1 )
		fprintf(fp, "exchange_mode aggressive;	\n");
	else if( auth_flag == 2 )
		fprintf(fp, "exchange_mode main;	\n");

	fprintf(fp, "	doi ipsec_doi;\n	\
situation identity_only;\n	\
verify_cert off;\n	");
	
	if( auth_flag == 1 )
		fprintf(fp, "my_identifier keyid;\n		");
	else if( auth_flag == 2)
	{
		fprintf(fp, "my_identifier asn1dn;\n	");
                fprintf(fp, "certificate_type x509 \"usercert.pem\" \"userkeyunenc.pem\";\n     ");
	}
	
	fprintf(fp, "	nonce_size 16;\n	\
initial_contact on;\n	\
proposal_check obey;	\n\n");
	//proposal
/*	fprintf(fp, "	proposal {\n");
	fprintf(fp, "		encryption_algorithm %s;\n", rbuf->ph1_proposal.encalgo);
	fprintf(fp, "		hash_algorithm %s;\n", rbuf->ph1_proposal.hashalgo);
	fprintf(fp, "		authentication_method %s;\n", rbuf->ph1_proposal.authmethod);
	fprintf(fp, "		dh_group %s;\n", rbuf->ph1_proposal.dhgroup);
	fprintf(fp, "	}\n");*/
	write_PH1_proposal(fp, rbuf->ph1_proposal.dhgroup, rbuf->ph1_proposal.authmethod);
	fprintf(fp, "}\n");
	
	//write ph2 stuff
	
	fprintf(fp, "sainfo address %s/%d[0] any address 0.0.0.0-255.255.255.255[0] any\n", rbuf->source_ip_addr, 32);
	fprintf(fp, "{\n");
/*	if(strcmp(rbuf->ph2_proposal.pfsgroup, "off") != 0)
		fprintf(fp, "	pfs_group %s;\n", rbuf->ph2_proposal.pfsgroup);
	fprintf(fp, "	encryption_algorithm %s;\n", rbuf->ph2_proposal.encalgo);
	fprintf(fp, "	authentication_algorithm %s;\n", rbuf->ph2_proposal.hashalgo);
	fprintf(fp, "	compression_algorithm deflate;\n");*/
	write_PH2_proposal(fp, rbuf->ph2_proposal.pfsgroup);
	fprintf(fp, "}\n");
	
	
	
	
	fprintf(fp, "sainfo address 0.0.0.0-255.255.255.255[0] any address %s/%d[0] any\n", rbuf->source_ip_addr, 32);
	fprintf(fp, "{\n");
/*	if(strcmp(rbuf->ph2_proposal.pfsgroup, "off") != 0)
		fprintf(fp, "	pfs_group %s;\n", rbuf->ph2_proposal.pfsgroup);
	fprintf(fp, "	encryption_algorithm %s;\n", rbuf->ph2_proposal.encalgo);
	fprintf(fp, "	authentication_algorithm %s;\n", rbuf->ph2_proposal.hashalgo);
	fprintf(fp, "	compression_algorithm deflate;\n");*/
	write_PH2_proposal(fp, rbuf->ph2_proposal.pfsgroup);
	fprintf(fp, "}\n");
	
	fprintf(fp, " \n");
	fprintf(fp, " \n");
	fprintf(fp, " \n");
	fprintf(fp, " \n");
	fprintf(fp, " \n");
	
	
	fclose(fp);

	return 0;
}


